首先,我知道有为此创建的软件,但我试图将其展示给一个严格禁止任何旧应用程序进入环境的企业。我有一个 Powershell 脚本,它完全可以满足我的需要……几乎。我试图从系统中完全删除用户配置文件,但未能删除最后一个文件夹、子文件夹和文件,以及整个用户文件夹本身。
这是将删除我选择的任何用户以及排除我选择的任何用户的脚本。效果很好!它从设置中删除配置文件,从 regedit 中删除密钥,并从“查看高级系统设置”中删除用户
$usersToDelete = "userb"
$excludedUserNames = "Administrator", "DefaultAccount", "Guest", "vboxuser"
foreach ($user in $usersToDelete) {
Get-LocalUser $user | Remove-LocalUser
}
Get-WmiObject -Class Win32_UserProfile | Where-Object { $_.LocalPath -match "^C:\\Users\\($([string]::Join('|', $usersToDelete)))$" -and $_.SID -notmatch "^S-1-5-18$" -and $_.SID -notmatch "^S-1-5-19$" -and $_.SID -notmatch "^S-1-5-20$" } | ForEach-Object {
$sid = $_.SID
$username = $_.LocalPath -replace "^C:\\Users\\"
if ($username -notin $excludedUserNames) {
Remove-WmiObject -Class Win32_UserProfile -Filter "SID='$sid'" -ErrorAction SilentlyContinue
$userPath = "C:\Users\$username"
if (Test-Path $userPath) { Remove-Item $userPath -Recurse -Force }
Remove-Item "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\$sid" -Recurse -Force -ErrorAction SilentlyContinue
Remove-Item -Path "C:\Users\$username" -Recurse -Force -ErrorAction SilentlyContinue
foreach ($user in $usersToDelete) {
Get-LocalUser $user | Remove-LocalUser
}
}
}
$usersToDelete = "userb"
foreach ($user in $usersToDelete) {
$userPath = "C:\Users\$user"
if (Test-Path $userPath) {
Remove-Item $userPath -Recurse -Force
}
}
不幸的是,它在 Windows 资源管理器中的文件夹中被阻止。它被阻止的主要文件夹是“C:\Users\USERNAME\AppData\Local\Application Data” 我找到了一个修复程序,可以让我运行此脚本并删除整个用户文件夹。 选中“用该对象的可继承权限条目替换所有子对象权限条目”,右键单击我要删除的用户文件夹 -> 属性 -> 安全 -> 高级。 一旦我选中该框并重新运行脚本,据我所知,该用户已从 PC 中完全删除。有没有办法将其自动生成批处理文件或(甚至更好)将其放入我的脚本中?我需要能够为多个用户以及我选择的用户执行此操作。谢谢!
这些是我试图授予自己权限的几个批处理文件,但总是有一些文件或文件夹返回“访问被拒绝”错误。
set folder="C:\Users\userb\appdata"
takeown /F %folder% /R /D Y
icacls %folder% /reset /T
icacls %folder% /inheritance:r /grant:r "Authenticated Users":(OI)(CI)F /T
icacls %folder% /setowner "NT AUTHORITY\SYSTEM" /T
icacls %folder% /grant:r "SYSTEM":(OI)(CI)F /T
pause
set folder="C:\Users\userb\appdata"
takeown /F %folder% /R /D Y
icacls %folder% /reset /T
icacls %folder% /inheritance:r /grant:r "Authenticated Users":(OI)(CI)F /T
icacls %folder% /setowner "NT AUTHORITY\SYSTEM" /T
icacls %folder% /grant:r "SYSTEM":(OI)(CI)F /T
pause
这是 ChatGPT 给我的一些解决方案。这些都不起作用。
``$FolderPath = "C:\Users\usera\AppData\Local\Application Data"
# Get the folder object
$FolderACL = Get-Acl -Path $FolderPath
# Enable inheritance for all child objects
$FolderACL.SetAccessRuleProtection($false, $true)
# Apply the changes to the folder
Set-Acl -Path $FolderPath -AclObject $FolderACL
Other script that may grant access
icacls C:\Users\vboxuser\AppData\Local /grant USERNAME:(OI)(CI)F /T`
也许这也是\
`# Remove the user profile
Get-WmiObject -Class Win32_UserProfile | Where-Object { $_.SID -eq $UserSID } | ForEach-Object {
$ProfilePath = $_.LocalPath
Remove-WmiObject -InputObject $_
Remove-Item -Path $ProfilePath -Recurse -Force
}
就是从这个
# Specify the username whose profile you want to remove
`$Username = "UserA"`
# Get the SID of the user
`$UserSID = (Get-LocalUser -Name $Username).SID.Value`
# Remove the user profile
`Get-WmiObject -Class Win32_UserProfile | Where-Object { $_.SID -eq $UserSID } | ForEach-Object {
$ProfilePath = $_.LocalPath
Remove-WmiObject -InputObject $_
Remove-Item -Path $ProfilePath -Recurse -Force
}`
# Remove the user's registry key
`Remove-Item -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\$UserSID" -Recurse -Force`
# Remove the user account
`Remove-LocalUser -Name $Username -Force``
$profilePath = "C:\Users\vboxuser"
$shell = New-Object -ComObject Shell.Application
$folder = $shell.NameSpace($profilePath)
$item = $folder.Self
$security = $item.GetAccessControl(1)
$securityDialog = $folder.ParentFolder.ParseName($item.Name).InvokeVerb("properties")
Start-Sleep -Milliseconds 1000
[System.Windows.Forms.SendKeys]::SendWait("{TAB}{TAB}{TAB}{TAB}{TAB}{SPACE}")
Start-Sleep -Milliseconds 500
[System.Windows.Forms.SendKeys]::SendWait("{TAB}{DOWN}{TAB}{TAB}{SPACE}")
Start-Sleep -Milliseconds 500
[System.Windows.Forms.SendKeys]::SendWait("{TAB}{SPACE}")
Start-Sleep -Milliseconds 500
[System.Windows.Forms.SendKeys]::SendWait("{TAB}{ENTER}")
Start-Sleep -Milliseconds 500
$securityDialog.Close()
这个我也试过了,还是不行。 https://stackoverflow.com/questions/71876626/how-to-replace-all-child-object-permission-entries-with-inheritable-permission`